Lucene search

MitreCVE-2004-2563

HistoryNov 22, 2005 - 2:00 a.m.

CVE-2004-2563

2005-11-2202:00:00

mitre

web.nvd.nist.gov

serena teamtrack

remote attacks

information disclosure

xss

security vulnerability

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.01

Percentile

83.7%

JSON

Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.

Affected configurations

Nvd

Node

serena_softwareserena_teamtrackMatch6.1.1

VendorProductVersionCPE
serena_softwareserena_teamtrack6.1.1cpe:2.3:a:serena_software:serena_teamtrack:6.1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
serena_software	serena_teamtrack	6.1.1	cpe:2.3:a:serena_software:serena_teamtrack:6.1.1:::::::*

References

secunia.com/advisories/12122

www.osvdb.org/8182

www.osvdb.org/8183

www.osvdb.org/8185

www.securiteam.com/windowsntfocus/5SP0O0ADGG.html

www.securityfocus.com/bid/10770

exchange.xforce.ibmcloud.com/vulnerabilities/16771

exchange.xforce.ibmcloud.com/vulnerabilities/16777

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.01

Percentile

83.7%

JSON

Related for CVE-2004-2563